[IS&T Security-FYI] SFYI Newsletter, November 23, 2009

Monique Yeaton myeaton at MIT.EDU
Mon Nov 23 15:26:43 EST 2009


In this issue:

1. Microsoft Investigating SMB Vulnerability
2. Apple Security Updates, November 2009
3. Snow Leopard's XProtect
4. Event: SANS Application Security 2010


-------------------------------------------------------
1. Microsoft Investigating SMB Vulnerability
-------------------------------------------------------

Microsoft is investigating new public reports of a possible denial of  
service vulnerability in the Server Message Block (SMB) protocol. This  
vulnerability could NOT be used to take control of or install  
malicious software on a user's system. However, Microsoft is aware  
that detailed exploit code has been published for the vulnerability.  
The company is monitoring the situation to keep customers informed and  
provide customer guidance as necessary.

The advisory offers some mitigating factors to reduce the severity of  
the vulnerability: Firewall best practices and standard firewall  
default configurations can help protect networks from attacks. Best  
practice recommends that systems that are connected to the Internet  
have a minimal number of ports exposed. In this case, SMB ports should  
be blocked from the Internet.

Read the full advisory here:
<http://www.microsoft.com/technet/security/advisory/977544.mspx>


-------------------------------------------------------
2. Apple Security Updates, November 2009
-------------------------------------------------------

Apple released two security updates this month:

  * Security Update 2009-006 / Mac OS X 10.6.2
  * Safari 4.0.4

The Security Update should be applied to all computers running 10.5.8,  
10.6 and 10.6.1. The Safari update was released for OS X 10.4.11,  
10.5.8, 10.6.2, Windows 7, Vista and XP. It patches seven security  
flaws. The most serious affects only Windows versions of the software.

More details:
<http://support.apple.com/kb/HT1222>
<http://www.networkworld.com/news/2009/111009-apple-releases-security-update-2009-006.html>
<http://www.h-online.com/security/news/item/Apple-fixes-critical-vulnerabilities-in-Safari-857378.html>


------------------------------------
3. Snow Leopard's XProtect
------------------------------------

With the release of OS X 10.6 (Snow Leopard), there's been some  
discussion amongst security professionals about XProtect, a utility  
that Apple included in the newest operating system to catch specific  
forms of malware.

Apple had been known to leave malware detection to security vendors,  
making the argument that because Macs are already built with  
protection in mind, no malware can penetrate them. We now know  
that isn't true. Mac users need to use anti-malware software just like  
other computer users.

XProtect is still very basic. To offer some protection against Trojans  
while browsing dangerous websites, XProtect kicks in with a warning.  
Watch this demo from Sophos to see how XProtect works:

<http://www.digitalthreat.net/?p=318>

As you will see, anti-malware software from Sophos or McAfee will do  
the same job just fine. In fact, it does it even better than XProtect,  
which will not catch malware delivered via torrent, IM, or external  
drive.


----------------------------------------------------
4. Event: SANS Application Security 2010
----------------------------------------------------

Today, over 70% of attacks come through the application layer instead  
of the operating system. Attacks on web applications constitute more  
than 60% of the total attack attempts observed on the Internet. If you  
and your developer team are not trained and certified to write secure  
code, you are unwittingly creating weaknesses and vulnerabilities that  
will enable attacks.

Learn more about this SANS course:
<http://www.sans.org/appsec-2010/>


========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security





